Fix #62179: Restrict import attribute values to string literals#62638
Fix #62179: Restrict import attribute values to string literals#62638sdotson wants to merge 5 commits intomicrosoft:mainfrom
Conversation
typescript-bot
added
the
For Uncommitted Bug
|
This PR doesn't have any linked issues. Please open an issue that references this PR. From there we can discuss and prioritise. |
1 similar comment
|
This PR doesn't have any linked issues. Please open an issue that references this PR. From there we can discuss and prioritise. |
There was a problem hiding this comment.
Pull Request Overview
This PR fixes issue #62179 by restricting import attribute values to string literals only, preventing arbitrary JavaScript expressions from being used. The parser previously accepted any expression (functions, numbers, arrays, etc.) in import attributes, which violated the ECMAScript specification.
Key changes:
- Modified the parser to only accept string literals as import attribute values
- Added comprehensive test coverage for various invalid expression types
- Updated existing test baselines to reflect the stricter parser behavior
Reviewed Changes
Copilot reviewed 23 out of 23 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| src/compiler/parser.ts | Changed parser to use parseLiteralLikeNode(SyntaxKind.StringLiteral) instead of parseAssignmentExpressionOrHigher() for import attribute values |
| tests/cases/compiler/importTypeAttributesNonString.ts | New test file validating rejection of non-string expressions and acceptance of valid string literals |
| tests/cases/fourslash/organizeImportsAttributes4.ts | Removed test case with numeric attribute value (now invalid) |
| tests/baselines/reference/importTypeAttributesNonString.* | Baseline files for the new test showing expected errors for invalid attribute values |
| tests/baselines/reference/importAttributes6(module=). | Updated baselines reflecting changed parser behavior producing syntax errors instead of type errors |
| tests/baselines/reference/importAssertionNonstring.* | Updated baselines for import assertions with non-string values |
| ~~~~~~~~~~~ | ||
| !!! error TS1005: ':' expected. | ||
| ~~~~~~ | ||
| !!! error TS2880: Import assertions have been replaced by import attributes. Use 'with' instead of 'assert'. |
There was a problem hiding this comment.
The error messages in this test are much worse now
There was a problem hiding this comment.
I think they should be better now. Thank you for the review.
github-project-automation
bot
moved this from Not started
to Waiting on author
in PR Backlog
|
With 6.0 out as the final release vehicle for this codebase, we're closing all PRs that don't fit the merge criteria for post-6.0 patches. If you think this was a mistake and this PR fits the post-6.0 patch criteria, please post to the 6.0 iteration issue with details (specifically, which PR and which patch criteria it satisfies). Next steps for PRs:
|
Summary
Fixed Issue #62179: Import type attributes were incorrectly accepting arbitrary JavaScript expressions instead of only string literals.
Changes Made:
- Changed parseAssignmentExpressionOrHigher() to parseLiteralLikeNode(SyntaxKind.StringLiteral)
- Now properly restricts import attribute values to string literals only
- Tests that non-string values (functions, numbers, arrays, objects, etc.) are properly rejected
- Verifies string literals still work correctly
- Fixed existing tests to reflect the new parser behavior
Fixes issue #62179